NginX Proxy Manager behind XG

Hello.

Scenario: [XGHOME]------->[Docker_Revproxy]-----[SynologyNAS]

Is it possible to pass the origin client IP to the reverse proxy? Because the Revproxy can see only the gateway of the Sophos XG.

A request on the rev proxy looks like this:

[13/Dec/2022:13:11:20 +0000] - 200 200 - POST https domain.example.com "/webapi/query.cgi" [Client 10.192.168.1] [Length 78369] [Gzip -] [Sent-to 10.192.168.2] "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36" "httpsdomain.example.com/"



  • Are you going to use WAF on SFOS as well? Because this looks like a double reverse proxy scenario. Maybe not the best way.

  • I'm using both.

    __________SETUP___________

    HP Small Form Factor:  i5 4Cores, 8Gb of RAM.
    Intel Network Card 5x Eth
    SSD: 256Gb

  • I don't recommend using both of them; either use WAF or Nginx.

    If you're still going to use both of them, you can try to check whether Nginx-Proxy-Manager has the "ngx_http_realip_module"; if it does, you can use "real_ip_header" to acquire the actual IPv4 address from the HTTP headers.

    You can find more information about this on the Nginx Docs.


    If a post solves your question use the 'Verify Answer' button.

    XG 115w Rev.3 8GB RAM v19.5 MR1 @ Home.

  • Exactly, I'm using nginx proxy manager. So it's not that Sophos is limiting something?

  • I've got a similar setup:

    XG waf -> Nginx -> Website

    On my website I can find the real IP by reading the header x-forwarded-for.

    As you are asking for the real IP in the reverse proxy, maybe you can check if you can read this header out on nginx as well.

  • I'll check for such an option in NginXmanager.

  • So for me it didn't work ;/ Once I had a website behind Cloudflare, so it was:

    Cloudflare -> XD[DNAT]--->NginX--->Host and I was able to configure my website to pass the origin source IP with this syntax:

    set_real_ip_from 103.21.244.0/22;
    set_real_ip_from 103.22.200.0/22;
    set_real_ip_from 103.31.4.0/22;
    set_real_ip_from 104.16.0.0/12;
    set_real_ip_from 108.162.192.0/18;
    set_real_ip_from 131.0.72.0/22;
    set_real_ip_from 141.101.64.0/18;
    set_real_ip_from 162.158.0.0/15;
    set_real_ip_from 172.64.0.0/13;
    set_real_ip_from 173.245.48.0/20;
    set_real_ip_from 188.114.96.0/20;
    set_real_ip_from 190.93.240.0/20;
    set_real_ip_from 197.234.240.0/22;
    set_real_ip_from 198.41.128.0/17;
    set_real_ip_from 2400:cb00::/32;
    set_real_ip_from 2606:4700::/32;
    set_real_ip_from 2803:f800::/32;
    set_real_ip_from 2405:b500::/32;
    set_real_ip_from 2405:8100::/32;
    set_real_ip_from 2c0f:f248::/32;
    set_real_ip_from 2a06:98c0::/29;
    real_ip_header CF-Connecting-IP;

    but I don't use CF anymore, so I tried as you suggested:
    real_ip_header X-Forwarded-For;

    but no luck.
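
The answers above point at ngx_http_realip_module. As an added illustration (not code from this thread or from nginx), the Python sketch below models the module's rule that the `real_ip_header` value is used only when the connecting address matches a `set_real_ip_from` entry. The client addresses are constructed samples, and it assumes the upstream proxy appends the client address to X-Forwarded-For.

```python
import ipaddress

def resolve_client_ip(peer, header, trusted, recursive=False):
    """Simplified model of how ngx_http_realip_module picks the client address.

    peer      -- TCP peer nginx sees (10.192.168.1 in the log line above)
    header    -- value of the header named by real_ip_header, or None
    trusted   -- networks listed with set_real_ip_from
    recursive -- real_ip_recursive on/off
    """
    nets = [ipaddress.ip_network(n) for n in trusted]

    def is_trusted(addr):
        return any(addr in net for net in nets)  # IPv4 vs IPv6 never matches

    addr = ipaddress.ip_address(peer)
    hops = [h.strip() for h in (header or "").split(",") if h.strip()]
    # The header is consulted only while the current address is trusted,
    # and it is read right to left (the last entry is the nearest hop).
    while hops and is_trusted(addr):
        try:
            addr = ipaddress.ip_address(hops.pop())
        except ValueError:
            break  # unparsable entry: keep the last good address
        if not recursive:
            break
    return str(addr)

GATEWAY = "10.192.168.1"      # XG-side address from the log line on this page
CLIENT = "203.0.113.7"        # constructed sample client (documentation range)
SPOOFED = "198.51.100.9"      # constructed value a client put in the header itself

def demo():
    return {
        # Only the old Cloudflare range is trusted: header ignored.
        "cf_only": resolve_client_ip(GATEWAY, CLIENT, ["173.245.48.0/20"]),
        # set_real_ip_from 10.192.168.1; real_ip_header X-Forwarded-For;
        "gateway": resolve_client_ip(GATEWAY, CLIENT, [GATEWAY]),
        # Client-supplied entry sits to the left of the one the proxy appended.
        "appended": resolve_client_ip(GATEWAY, f"{SPOOFED}, {CLIENT}", [GATEWAY]),
        # Over-broad trust plus real_ip_recursive on accepts the spoofed entry.
        "too_broad": resolve_client_ip(GATEWAY, f"{SPOOFED}, {CLIENT}",
                                       ["0.0.0.0/0"], recursive=True),
    }

if __name__ == "__main__":
    for case, ip in demo().items():
        print(f"{case:10} -> {ip}")
```

The "gateway" case corresponds to trusting only the single address the proxy sees as its peer; the "too_broad" case shows why `set_real_ip_from` should not cover networks that clients can connect from directly.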